Researchers at Palo Alto Networks’ Unit 42 warn that attackers are utilizing refresh entries in HTTP response headers to robotically redirect customers to phishing pages with out person interplay.
“Unit 42 researchers noticed many large-scale phishing campaigns in 2024 that used a refresh entry within the HTTP response header,” the researchers write.
“From Could-July we detected round 2,000 malicious URLs day by day that had been related to campaigns of this kind. Not like different phishing webpage distribution conduct by means of HTML content material, these assaults use the response header despatched by a server, which happens earlier than the processing of the HTML content material.
Malicious hyperlinks direct the browser to robotically refresh or reload a webpage instantly, with out requiring person interplay.”
Many of those phishing assaults are concentrating on staff at firms within the enterprise and economic system sector, in addition to authorities entities and academic organizations.
“Attackers predominantly distribute the malicious URLs within the phishing campaigns through emails,” Unit 42 says. “These emails persistently embody recipients’ electronic mail addresses and show spoofed webmail login pages based mostly on the recipients’ electronic mail area pre-filled with the customers’ data. They largely goal individuals within the international monetary sector, well-known web portals, and authorities domains. For the reason that unique and touchdown URLs are sometimes discovered underneath legit or compromised domains, it’s tough to identify malicious indicators inside a URL string.”
Unit 42 provides that attackers are additionally utilizing URL parameters to pre-fill login varieties with victims’ electronic mail addresses, rising the phishing assault’s look of legitimacy.
“Many attackers additionally make use of deep linking to dynamically generate content material that seems tailor-made to the person goal,” the researchers write. “Through the use of parameters within the URL, they pre-fill sections of a type, enhancing the credibility of the phishing try. This customized method will increase the chance that the attacker will deceive the sufferer. Attackers have exploited this mechanism as a result of it allows them to load phishing content material with minimal effort whereas concealing the malicious content material.”
KnowBe4 empowers your workforce to make smarter safety selections day-after-day. Over 70,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and scale back human threat.
Unit 42 has the story.